Getting Data In

How to completely remove/not select the directory path if it "remote" in its folder structure?

DataOrg
Builder

How to completely remove/not select the directory path if it "remote" in its folder structure  

my regex --- specification|Cu Req|Cu Spec|02 - Regulatory|\\*\\remote||

directory struture 

/specification/Cu Req/remote/value --- remove complete path

/specification/system/val_remote/cmd/system - remove since its has word as "remote"

/specification/system/value/remote--- remove the path

/specification /system/value/cmd/sys32 - consider

 

Labels (2)
Tags (2)
0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

@DataOrg 

Can you please share some example values ( as per your use cases) and expected output?

KV

🙂 

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

If I understand correctly, you only want events where the directory field does not contain "remote"?

| regex directory!="remote"
0 Karma

DataOrg
Builder

Need to remove the path before forming up in the file.

https://regex101.com/r/xcKiSe/1

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

I am not clear what you are trying to do here. Do you want to remove "remote" from a field, or remove events with "remote" in a field or something else?

0 Karma

DataOrg
Builder

@ITWhisperer i am writing a script which only the specific directory is considered.

for example  the folder structure is formed like this  /spec/abs/remote  so while forming when remote is there in a directory it should not write the directory

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

What has this to do with splunk?

What language are you writing the script in?

Where does the file path come from?

0 Karma
Get Updates on the Splunk Community!

2024 Splunk Career Impact Survey | Earn a $20 gift card for participating!

Hear ye, hear ye! The time has come again for Splunk's annual Career Impact Survey!  We need your help by ...

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...